Ticket #29810: miqro-29810.2.patch
File miqro-29810.2.patch, 17.2 KB (added by , 10 years ago) |
---|
-
src/wp-admin/import.php
79 79 <table class="widefat importers"> 80 80 81 81 <?php 82 disable_shortcodes(); 82 83 $alt = ''; 83 84 foreach ($importers as $importer_id => $data) { 84 85 $action = ''; … … 115 116 <td class='desc'>{$data[1]}</td> 116 117 </tr>"; 117 118 } 119 enable_shortcodes(); 118 120 ?> 119 121 120 122 </table> -
src/wp-admin/includes/plugin.php
165 165 if ( $plugin_data['AuthorURI'] && $plugin_data['Author'] ) 166 166 $plugin_data['Author'] = '<a href="' . $plugin_data['AuthorURI'] . '">' . $plugin_data['Author'] . '</a>'; 167 167 168 disable_shortcodes(); 168 169 $plugin_data['Description'] = wptexturize( $plugin_data['Description'] ); 170 enable_shortcodes(); 169 171 170 172 if ( $plugin_data['Author'] ) 171 173 $plugin_data['Description'] .= ' <cite>' . sprintf( __('By %s.'), $plugin_data['Author'] ) . '</cite>'; -
src/wp-admin/menu-header.php
46 46 function _wp_menu_output( $menu, $submenu, $submenu_as_parent = true ) { 47 47 global $self, $parent_file, $submenu_file, $plugin_page, $typenow; 48 48 49 disable_shortcodes(); 50 49 51 $first = true; 50 52 // 0 = menu_title, 1 = capability, 2 = menu_slug, 3 = page_title, 4 = classes, 5 = hookname, 6 = icon_url 51 53 foreach ( $menu as $key => $item ) { … … 204 206 echo '<li id="collapse-menu" class="hide-if-no-js"><div id="collapse-button"><div></div></div>'; 205 207 echo '<span>' . esc_html__( 'Collapse menu' ) . '</span>'; 206 208 echo '</li>'; 209 210 enable_shortcodes(); 207 211 } 208 212 209 213 ?> -
src/wp-includes/class-wp-theme.php
658 658 $value = $this->get_stylesheet(); 659 659 break; 660 660 case 'Description' : 661 disable_shortcodes(); 661 662 $value = wptexturize( $value ); 663 enable_shortcodes(); 662 664 break; 663 665 case 'Author' : 664 666 if ( $this->get('AuthorURI') ) { -
src/wp-includes/comment-template.php
963 963 if ( isset( $_SERVER['HTTP_USER_AGENT'] ) && false !== stripos( $_SERVER['HTTP_USER_AGENT'], 'W3C_Validator' ) ) { 964 964 return; 965 965 } 966 967 disable_shortcodes(); 966 968 967 969 echo '<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" 968 970 xmlns:dc="http://purl.org/dc/elements/1.1/" … … 976 978 echo ' dc:title="'.str_replace('--', '--', wptexturize(strip_tags(get_the_title()))).'"'."\n"; 977 979 echo ' trackback:ping="'.get_trackback_url().'"'." />\n"; 978 980 echo '</rdf:RDF>'; 981 982 enable_shortcodes(); 979 983 } 980 984 981 985 /** -
src/wp-includes/default-filters.php
92 92 93 93 // Format strings for display. 94 94 foreach ( array( 'comment_author', 'term_name', 'link_name', 'link_description', 'link_notes', 'bloginfo', 'wp_title', 'widget_title' ) as $filter ) { 95 add_filter( $filter, 'wptexturize' ); 96 add_filter( $filter, 'convert_chars' ); 97 add_filter( $filter, 'esc_html' ); 95 add_filter( $filter, 'restrict_shortcodes', 8 ); 96 add_filter( $filter, 'wptexturize' ); 97 add_filter( $filter, 'convert_chars' ); 98 add_filter( $filter, 'esc_html' ); 99 add_filter( $filter, 'enable_shortcodes', 12 ); 98 100 } 99 101 100 102 // Format WordPress … … 104 106 105 107 // Format titles 106 108 foreach ( array( 'single_post_title', 'single_cat_title', 'single_tag_title', 'single_month_title', 'nav_menu_attr_title', 'nav_menu_description' ) as $filter ) { 107 add_filter( $filter, 'wptexturize' ); 108 add_filter( $filter, 'strip_tags' ); 109 add_filter( $filter, 'restrict_shortcodes', 8 ); 110 add_filter( $filter, 'wptexturize' ); 111 add_filter( $filter, 'strip_tags' ); 112 add_filter( $filter, 'enable_shortcodes', 12 ); 109 113 } 110 114 111 115 // Format text area for display. 112 116 foreach ( array( 'term_description' ) as $filter ) { 113 add_filter( $filter, 'wptexturize' ); 114 add_filter( $filter, 'convert_chars' ); 115 add_filter( $filter, 'wpautop' ); 116 add_filter( $filter, 'shortcode_unautop'); 117 add_filter( $filter, 'restrict_shortcodes', 8 ); 118 add_filter( $filter, 'wptexturize' ); 119 add_filter( $filter, 'convert_chars' ); 120 add_filter( $filter, 'wpautop' ); 121 add_filter( $filter, 'shortcode_unautop' ); 122 add_filter( $filter, 'enable_shortcodes', 12 ); 117 123 } 118 124 119 125 // Format for RSS … … 124 130 add_filter( 'wp_update_term_parent', 'wp_check_term_hierarchy_for_loops', 10, 3 ); 125 131 126 132 // Display filters 127 add_filter( 'the_title', 'wptexturize' ); 128 add_filter( 'the_title', 'convert_chars' ); 129 add_filter( 'the_title', 'trim' ); 133 add_filter( 'the_title', 'restrict_shortcodes', 8 ); 134 add_filter( 'the_title', 'wptexturize' ); 135 add_filter( 'the_title', 'convert_chars' ); 136 add_filter( 'the_title', 'trim' ); 137 add_filter( 'the_title', 'enable_shortcodes', 12 ); 130 138 131 139 add_filter( 'the_content', 'wptexturize' ); 132 140 add_filter( 'the_content', 'convert_smilies' ); … … 135 143 add_filter( 'the_content', 'shortcode_unautop' ); 136 144 add_filter( 'the_content', 'prepend_attachment' ); 137 145 138 add_filter( 'the_excerpt', 'wptexturize' ); 139 add_filter( 'the_excerpt', 'convert_smilies' ); 140 add_filter( 'the_excerpt', 'convert_chars' ); 141 add_filter( 'the_excerpt', 'wpautop' ); 142 add_filter( 'the_excerpt', 'shortcode_unautop'); 146 add_filter( 'the_excerpt', 'restrict_shortcodes', 8 ); 147 add_filter( 'the_excerpt', 'wptexturize' ); 148 add_filter( 'the_excerpt', 'convert_smilies' ); 149 add_filter( 'the_excerpt', 'convert_chars' ); 150 add_filter( 'the_excerpt', 'wpautop' ); 151 add_filter( 'the_excerpt', 'shortcode_unautop' ); 152 add_filter( 'the_excerpt', 'enable_shortcodes', 12 ); 153 143 154 add_filter( 'get_the_excerpt', 'wp_trim_excerpt' ); 144 155 156 add_filter( 'comment_text', 'restrict_shortcodes', 8 ); 145 157 add_filter( 'comment_text', 'wptexturize' ); 146 158 add_filter( 'comment_text', 'convert_chars' ); 147 159 add_filter( 'comment_text', 'make_clickable', 9 ); 160 add_filter( 'comment_text', 'enable_shortcodes', 12 ); 148 161 add_filter( 'comment_text', 'force_balance_tags', 25 ); 149 162 add_filter( 'comment_text', 'convert_smilies', 20 ); 150 163 add_filter( 'comment_text', 'wpautop', 30 ); … … 151 164 152 165 add_filter( 'comment_excerpt', 'convert_chars' ); 153 166 154 add_filter( 'list_cats', 'wptexturize' ); 167 add_filter( 'list_cats', 'restrict_shortcodes', 8 ); 168 add_filter( 'list_cats', 'wptexturize' ); 169 add_filter( 'list_cats', 'enable_shortcodes', 12 ); 155 170 156 171 add_filter( 'wp_sprintf', 'wp_sprintf_l', 10, 2 ); 157 172 -
src/wp-includes/formatting.php
28 28 * @return string The string replaced with html entities 29 29 */ 30 30 function wptexturize($text, $reset = false) { 31 global $wp_cockneyreplace ;31 global $wp_cockneyreplace, $shortcode_enabled; 32 32 static $static_characters, $static_replacements, $dynamic_characters, $dynamic_replacements, 33 33 $default_no_texturize_tags, $default_no_texturize_shortcodes, $run_texturize = true; 34 34 … … 203 203 $no_texturize_tags_stack = array(); 204 204 $no_texturize_shortcodes_stack = array(); 205 205 206 $find_shortcodes = false; 207 $html = ''; 208 209 if ( 'false' !== $shortcode_enabled ) { 210 if ( 'restricted' === $shortcode_enabled ) { 211 // Shortcodes in this $text are not allowed to contain raw HTML. 212 $html = '<>'; 213 } 214 $pos = strpos( $text, '[' ); 215 if ( false !== $pos ) { 216 if ( false !== strpos( $text, ']', $pos ) ) { 217 $find_shortcodes = true; 218 } 219 } 220 } 221 206 222 // Look for shortcodes and HTML elements. 207 223 208 224 $comment_regex = 209 '!' // Start of comment, after the <. 210 . '(?:' // Unroll the loop: Consume everything until --> is found. 211 . '-(?!->)' // Dash not followed by end of comment. 212 . '[^\-]*+' // Consume non-dashes. 213 . ')*+' // Loop possessively. 214 . '(?:-->)?'; // End of comment. If not found, match all input. 215 225 '!' // Start of comment, after the <. 226 . '(?:' // Unroll the loop: Consume everything until --> is found. 227 . '-(?!->)' // Dash not followed by end of comment. 228 . '[^\-]*+' // Consume non-dashes. 229 . ')*+' // Loop possessively. 230 . '(?:-->)?'; // End of comment. If not found, match all input. 231 232 $html_regex = 233 '<' // Find start of element. 234 . '(?(?=!--)' // Is this a comment? 235 . $comment_regex // Find end of comment. 236 . '|' 237 . '[^>]+>' // Find end of element. 238 . ')'; 239 216 240 $shortcode_regex = 217 '\[' // Find start of shortcode. 218 . '[\/\[]?' // Shortcodes may begin with [/ or [[ 219 . '[^\s\/\[\]]' // No whitespace before name. 220 . '[^\[\]]*+' // Shortcodes do not contain other shortcodes. Possessive critical. 221 . '\]' // Find end of shortcode. 222 . '\]?'; // Shortcodes may end with ]] 223 224 $regex = 225 '/(' // Capture the entire match. 226 . '<' // Find start of element. 227 . '(?(?=!--)' // Is this a comment? 228 . $comment_regex // Find end of comment. 229 . '|' 230 . '[^>]+>' // Find end of element. 231 . ')' 232 . '|' 233 . $shortcode_regex // Find shortcodes. 234 . ')/s'; 241 '\[' // Find start of shortcode. 242 . '[\/\[]?' // Shortcodes may begin with [/ or [[ 243 . '[^\s\/\[\]]' // No whitespace before name. 244 . "[^\[\]$html]*+" // Shortcodes do not contain other shortcodes. Possessive critical. 245 . '\]' // Find end of shortcode. 246 . '\]?'; // Shortcodes may end with ]] 235 247 248 if ( $find_shortcodes ) { 249 $regex = "/($html_regex|$shortcode_regex)/s"; 250 } else { 251 $regex = "/($html_regex)/s"; 252 } 253 236 254 $textarr = preg_split( $regex, $text, -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY ); 237 255 238 256 foreach ( $textarr as &$curl ) { … … 253 271 254 272 continue; 255 273 256 } elseif ( '[' === $first && 1 === preg_match( '/^' . $shortcode_regex . '$/', $curl ) ) {274 } elseif ( $find_shortcodes && '[' === $first && 1 === preg_match( '/^' . $shortcode_regex . '$/', $curl ) ) { 257 275 // This is a shortcode delimiter. 258 276 259 277 if ( '[[' !== substr( $curl, 0, 2 ) && ']]' !== substr( $curl, -2 ) ) { … … 482 500 * @return string The filtered content. 483 501 */ 484 502 function shortcode_unautop( $pee ) { 485 global $shortcode_tags ;503 global $shortcode_tags, $shortcode_enabled; 486 504 487 if ( empty( $shortcode_tags ) || !is_array( $shortcode_tags ) ) {505 if ( 'false' === $shortcode_enabled || empty( $shortcode_tags ) || !is_array( $shortcode_tags ) ) { 488 506 return $pee; 489 507 } 490 508 … … 491 509 $tagregexp = join( '|', array_map( 'preg_quote', array_keys( $shortcode_tags ) ) ); 492 510 $spaces = wp_spaces_regexp(); 493 511 512 if ( 'restricted' === $shortcode_enabled ) { 513 $html = '<>'; 514 } else { 515 $html = ''; 516 } 517 494 518 $pattern = 495 519 '/' 496 520 . '<p>' // Opening paragraph … … 500 524 . "($tagregexp)" // 2: Shortcode name 501 525 . '(?![\\w-])' // Not followed by word character or hyphen 502 526 // Unroll the loop: Inside the opening shortcode tag 503 . '[^\\]\\/]*'// Not a closing bracket or forward slash527 . "[^\\]\\/$html]*" // Not a closing bracket or forward slash 504 528 . '(?:' 505 529 . '\\/(?!\\])' // A forward slash not followed by a closing bracket 506 . '[^\\]\\/]*'// Not a closing bracket or forward slash530 . "[^\\]\\/$html]*" // Not a closing bracket or forward slash 507 531 . ')*?' 508 532 . '(?:' 509 533 . '\\/\\]' // Self closing tag and closing bracket -
src/wp-includes/general-template.php
1129 1129 * @return string HTML link content for archive. 1130 1130 */ 1131 1131 function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') { 1132 disable_shortcodes(); 1132 1133 $text = wptexturize($text); 1134 enable_shortcodes(); 1133 1135 $url = esc_url($url); 1134 1136 1135 1137 if ('link' == $format) -
src/wp-includes/media.php
1072 1072 $image_output 1073 1073 </{$icontag}>"; 1074 1074 if ( $captiontag && trim($attachment->post_excerpt) ) { 1075 disable_shortcodes(); 1075 1076 $output .= " 1076 1077 <{$captiontag} class='wp-caption-text gallery-caption'> 1077 1078 " . wptexturize($attachment->post_excerpt) . " 1078 1079 </{$captiontag}>"; 1080 enable_shortcodes(); 1079 1081 } 1080 1082 $output .= "</{$itemtag}>"; 1081 1083 if ( ! $html5 && $columns > 0 && ++$i % $columns == 0 ) { -
src/wp-includes/shortcodes.php
44 44 $shortcode_tags = array(); 45 45 46 46 /** 47 * The status of the Shortcode API, which may need to be known in related functions. 48 * 49 * Values: 50 * 'true' - Full shortcode support. 51 * 'restricted' - Shortcodes that contain special characters will be ignored. 52 * 'false' - All shortcode features are disabled. 53 * 54 * @since 4.1.0 55 * 56 * @name $shortcode_enabled 57 * @var string 58 * @global string $shortcode_enabled 59 */ 60 $shortcode_enabled = 'true'; 61 62 /** 47 63 * Add hook for shortcode tag. 48 64 * 49 65 * There can only be one hook for each shortcode. Which means that if another … … 191 207 * @return string Content with shortcodes filtered out. 192 208 */ 193 209 function do_shortcode($content) { 194 global $shortcode_tags ;210 global $shortcode_tags, $shortcode_enabled; 195 211 196 if ( false === strpos( $content, '[' ) ) {212 if ( 'false' === $shortcode_enabled || false === strpos( $content, '[' ) ) { 197 213 return $content; 198 214 } 199 215 … … 226 242 * @return string The shortcode search regular expression 227 243 */ 228 244 function get_shortcode_regex() { 229 global $shortcode_tags ;245 global $shortcode_tags, $shortcode_enabled; 230 246 $tagnames = array_keys($shortcode_tags); 231 247 $tagregexp = join( '|', array_map('preg_quote', $tagnames) ); 248 249 if ( 'restricted' === $shortcode_enabled ) { 250 $html = '<>'; 251 } else { 252 $html = ''; 253 } 232 254 233 255 // WARNING! Do not change this regex without changing do_shortcode_tag() and strip_shortcode_tag() 234 256 // Also, see shortcode_unautop() and shortcode.js. … … 238 260 . "($tagregexp)" // 2: Shortcode name 239 261 . '(?![\\w-])' // Not followed by word character or hyphen 240 262 . '(' // 3: Unroll the loop: Inside the opening shortcode tag 241 . '[^\\]\\/]*'// Not a closing bracket or forward slash263 . "[^\\]\\/$html]*" // Not a closing bracket or forward slash 242 264 . '(?:' 243 265 . '\\/(?!\\])' // A forward slash not followed by a closing bracket 244 . '[^\\]\\/]*'// Not a closing bracket or forward slash266 . "[^\\]\\/$html]*" // Not a closing bracket or forward slash 245 267 . ')*?' 246 268 . ')' 247 269 . '(?:' … … 384 406 * @return string Content without shortcode tags. 385 407 */ 386 408 function strip_shortcodes( $content ) { 387 global $shortcode_tags ;409 global $shortcode_tags, $shortcode_enabled; 388 410 389 if ( false === strpos( $content, '[' ) ) {411 if ( 'false' === $shortcode_enabled || false === strpos( $content, '[' ) ) { 390 412 return $content; 391 413 } 392 414 … … 407 429 return $m[1] . $m[6]; 408 430 } 409 431 432 /** 433 * Enable the Shortcode API 434 * 435 * @since 4.1.0 436 * 437 * @param string $filter_arg Allows this function to get hooked to a filter. 438 * @return string The first param will be returned. 439 */ 440 function enable_shortcodes( $filter_arg = '' ) { 441 $shortcode_enabled = 'true'; 442 return $filter_arg; 443 } 444 445 /** 446 * Restrict the Shortcode API from parsing shortcodes that contain HTML. 447 * 448 * @since 4.1.0 449 * 450 * @param string $filter_arg Allows this function to get hooked to a filter. 451 * @return string The first param will be returned. 452 */ 453 function restrict_shortcodes( $filter_arg = '' ) { 454 $shortcode_enabled = 'restricted'; 455 return $filter_arg; 456 } 457 458 /** 459 * Disable the Shortcode API 460 * 461 * @since 4.1.0 462 * 463 * @param string $filter_arg Allows this function to get hooked to a filter. 464 * @return string The first param will be returned. 465 */ 466 function disable_shortcodes( $filter_arg = '' ) { 467 $shortcode_enabled = 'false'; 468 return $filter_arg; 469 } 470 410 471 add_filter('the_content', 'do_shortcode', 11); // AFTER wpautop()